Privacy Policy

Natalie Alberta Dusey Advisory | Dusey Services SARL (Monaco) | Dusey Limited (UK)

Effective Date: March 2026 | Last Reviewed: March 2026

1. About This Policy

This Privacy Policy explains how Natalie Alberta Dusey Advisory, operating through Dusey Services SARL (Monaco) and Dusey Limited (United Kingdom), collects, uses, stores, and protects your personal data when you visit our website or contact us.

We are committed to protecting your privacy and handling your personal data responsibly, lawfully, and transparently, in accordance with:

●Monaco Act No. 1.565 of 3 December 2024 on the Protection of Personal Data
●EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679
●UK GDPR and the UK Data Protection Act 2018
●UK Data (Use and Access) Act 2025 (DUAA)
●UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), where applicable
●DIFC Data Protection Law No. 5 of 2020 (as amended by Amendment Law No. 1 of 2025), where applicable
●ADGM Data Protection Regulations 2021, where applicable
●Council of Europe Convention 108+ (to which Monaco acceded in March 2025)

2. Data Controller

The data controller for your personal data is:

Monaco entity

Dusey Services SARL — [INSERT Registered Address]

UK entity

Dusey Limited — [INSERT UK Registered Address]

Contact

natalie@duseyservices.com

Principal

Natalie Alberta Dusey, ACG — Associate Chartered Governance Professional | Prosci Certified Change Practitioner (CCP)

We have assessed that, given the nature and scale of our processing activities, appointment of a Data Protection Officer (DPO) is not mandatory under applicable law. All data protection enquiries should be directed to natalie@duseyservices.com.

3. Personal Data We Collect

We collect only personal data that is necessary for the purposes described in this Policy:

Identity data

First name, last name, title, professional designation

Contact data

Email address, telephone number, mailing address

Professional data

Company name, job title, industry sector

Enquiry data

Content of messages submitted via our contact form

Technical data

IP address, browser type, device type, website usage data (anonymised analytics)

Communication data

Records of correspondence with us

We do not collect sensitive personal data (special category data) unless voluntarily provided and directly relevant to an advisory engagement. We do not collect data from minors under the age of 18.

4. How We Use Your Personal Data

●To respond to your enquiries and assess whether a potential advisory engagement may be of mutual benefit
●To provide professional advisory services to clients under a written engagement agreement
●To manage and administer our professional relationships and business operations
●To maintain the security and functionality of our website
●To comply with our legal and regulatory obligations
●To conduct limited analytics to understand how our website is used (in anonymised form where possible)

We do not sell, rent, or trade your personal data to any third party for marketing or commercial purposes.

5. Legal Basis for Processing

Legitimate interests

Responding to enquiries; maintaining website security; anonymised analytics

Contractual necessity

Providing services under a written advisory engagement

Legal obligation

Record-keeping; compliance with applicable professional and corporate law

Consent

Non-essential cookies and analytics tracking (where required by applicable law)

Recognised legitimate interest (UK DUAA 2025)

Where applicable under the Data (Use and Access) Act 2025 for certain processing in the public interest

6. Data Retention

●Enquiry data: retained for up to 12 months from receipt on the basis of legitimate interest, unless an engagement proceeds
●Client data: retained for the duration of the engagement and a reasonable period thereafter, in accordance with applicable professional obligations
●Financial and corporate records (Dusey Limited): retained for 7 years in accordance with UK Companies Act requirements
●Cookie and analytics data: retained in accordance with cookie-specific retention periods set out in our Cookie Policy

When personal data is no longer required, it is deleted or anonymised securely.

7. International Data Transfers

Dusey Services SARL is established in Monaco. Dusey Limited is established in the United Kingdom. We may transfer personal data between these entities and jurisdictions in the ordinary course of operating our business.

Monaco to / from EU

As at March 2026, Monaco does not yet benefit from a formal EU adequacy decision from the European Commission. Monaco is actively seeking adequacy recognition under Act No. 1.565 of 3 December 2024. Pending that decision, transfers between Monaco and the EU are governed by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms approved by the APDP.

Monaco to / from UK

The UK has not yet issued an adequacy decision in respect of Monaco. Transfers are covered by UK GDPR-compliant International Data Transfer Agreements (IDTAs) or equivalent UK-approved safeguards.

UK to / from EU

The UK currently holds EU adequacy status. Transfers between the UK and EU proceed without additional safeguards, subject to continued adequacy.

Transfers involving UAE

Where personal data relating to UAE-based clients or contacts is processed, we apply appropriate safeguards consistent with the UAE PDPL and, where applicable, DIFC and ADGM requirements.

We do not transfer personal data to third countries without ensuring appropriate protections are in place.

8. Sharing Your Personal Data

●Service providers: trusted third-party providers who process data on our behalf (e.g., website hosting, email services, document management), under written data processing agreements requiring appropriate security and confidentiality
●Professional advisers: lawyers, accountants, and compliance professionals, on a need-to-know basis and subject to professional confidentiality obligations
●Legal requirements: where disclosure is required by applicable law, court order, or regulatory authority
●Business transfers: in the event of a merger, acquisition, or business sale, personal data may be transferred to the relevant third party subject to equivalent protections

9. Data Security

●Encryption of data in transit and at rest where appropriate
●Access controls and authentication protocols
●Secure hosting infrastructure
●Regular review of security practices and third-party processor obligations

Whilst we take all reasonable steps to protect your data, no transmission over the internet is completely secure. You provide data at your own risk and should take reasonable precautions when submitting personal information online.

10. UAE Data Protection

Natalie Alberta Dusey Advisory targets clients and contacts in the United Arab Emirates. Where we process personal data of individuals located in the UAE, we do so in compliance with:

●Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL), effective 1 January 2026, with full compliance transition to 1 January 2027
●DIFC Data Protection Law No. 5 of 2020 (as amended by Amendment Law No. 1 of 2025, effective 15 July 2025), for clients or contacts associated with entities in the Dubai International Financial Centre
●ADGM Data Protection Regulations 2021, for clients or contacts associated with entities in the Abu Dhabi Global Market

UAE data subjects have equivalent rights to those described in Section 11 below. All enquiries relating to UAE data processing should be directed to natalie@duseyservices.com.

11. Your Rights

Access

Request a copy of the personal data we hold about you

Rectification

Request correction of inaccurate or incomplete data

Erasure

Request deletion of your data in certain circumstances

Restriction

Request that we limit how we use your data

Objection

Object to processing based on legitimate interests

Portability

Receive your data in a structured, machine-readable format

Withdraw consent

Where processing is based on consent, withdraw it at any time without affecting prior lawful processing

To exercise any right, please contact natalie@duseyservices.com. We will respond within 30 days. We may need to verify your identity before processing your request.

12. Data Protection Complaints

If you believe we have not handled your personal data in compliance with applicable law, you have the right to raise a complaint. We take all complaints seriously.

Step 1 — Contact us directly

Please write to natalie@duseyservices.com with the subject line 'Data Protection Complaint'. Describe your concern and your preferred resolution. We will acknowledge receipt within five working days and aim to provide a full response within 30 days.

Step 2 — Escalate to a supervisory authority

If you are not satisfied with our response, you may contact the relevant authority:

Monaco: Autorité de Protection des Données Personnelles (APDP) — www.apdp.mc
United Kingdom: Information Commissioner's Office (ICO) — www.ico.org.uk — Tel: 0303 123 1113
EU residents: the data protection authority of your EU member state of residence
UAE (DIFC): Commissioner of Data Protection — commissioner.dp@difc.ae
UAE (ADGM): Office of Data Protection — dataprivacy@adgm.com

13. Supervisory Authorities

●APDP (Monaco) — Autorité de Protection des Données Personnelles — www.apdp.mc — established under Act No. 1.565 of 3 December 2024
●ICO (UK) — Information Commissioner's Office — www.ico.org.uk

14. Cookies

We use cookies on this website. For full details of the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

15. Updates to This Policy

We review and update this Privacy Policy periodically to reflect changes in our practices, applicable law, or regulatory guidance. The most current version will always be published on this website with the date of last review. Material changes will, where practicable, be communicated to known contacts by email or notice on our website.

Natalie Alberta Dusey Advisory | Dusey Services SARL (Monaco) | Dusey Limited (England and Wales) | March 2026